I read the CNC3 in the tutorial, so I thought I would give it a shot.
Well, I found the money address (the game is Command & Conquer Red Alert 3), and I put it over to the side (non-static) and I find what writes to it.
Okay, this is my process:
I go into Campaign mode and I play until I get to my point with 3000 in the money slot.
- I search for the money value on Long, exact value, aligned, and same as before ticked
- I go in, buy something, and search for that value (2700)
- Now I have 4 different addresses that change. I use the top one and change it to 5000; it works, so that is my address (06B597A4)
OK, with that said, let's see what we got:
- Address to the money
06B597A4
- Value of the address
5000
----------------------------------------------------------------------------
Now let's get started.
OK, I find out what WRITES to the address:
ADDRESS: 007F20D0
MOV DWORD PTR [ESI+4], EAX
-----------------------------------------------
The Auto-Assembly injection
Alloc( MyCode, 2048 ) ; Allocate 2,048 bytes and store the allocated address into MyCode, which we use as the location where our new code goes.
Label( OverwrittenCode ) ; The code that was overwritten by the JMP to MyCode will go here.
Label( Exit ) ; JMP here to exit our custom code and go back to the original code.
Label( Return ) ; The location of the next instruction of the original code.
FullAccess( ra3_1.0.game+0x003F20D0, 2048 )
ra3_1.0.game+0x003F20D0 :
jmp MyCode
nop
Return :
MyCode : ; The allocated address. Put your code after this.
OverwrittenCode : ; The overwritten code (code that was overwritten by the JMP to MyCode).
mov dword ptr [esi+4], eax
mov eax, dword ptr [esi+C]
Exit : ; Automatic JMP back to the original code, or you can JMP Return directly to avoid coming here.
jmp Return
So now that I have this, I found something about this address:
ADDRESS:007F20CE
SUB EAX, EDI
------------------------
Auto - Assembly
Alloc( MyCode, 2048 ) ; Allocate 2,048 bytes and store the allocated address into MyCode, which we use as the location where our new code goes.
Label( OverwrittenCode ) ; The code that was overwritten by the JMP to MyCode will go here.
Label( Exit ) ; JMP here to exit our custom code and go back to the original code.
Label( Return ) ; The location of the next instruction of the original code.
FullAccess( ra3_1.0.game+0x003F20CE, 2048 )
ra3_1.0.game+0x003F20CE :
jmp MyCode
Return :
MyCode : ; The allocated address. Put your code after this.
OverwrittenCode : ; The overwritten code (code that was overwritten by the JMP to MyCode).
sub eax, edi
mov dword ptr [esi+4], eax
Exit : ; Automatic JMP back to the original code, or you can JMP Return directly to avoid coming here.
jmp Return
Now, from what I read in the tut, you can ASSEMBLE IT and make it say ADD instead of SUB, but I wanted to make a ticking one, so that if I freeze the address it will do this and if I unfreeze it, it will revert to the normal way.
So, if it was explained to me right,
in the address of the money hack (06B597A4) under Auto - Assembly it should look like this:
fullaccess(007F20CE, 6)
alloc(money, 0x90)
[enable]
jmp money
nop
money:
add eax, edi
[disable]
sub eax,edi
dealloc(money)
So this will do it, right, or am I off????
Because I think when I last tried this, after ticking "make this to enable this and disable this", I enabled it and it shot my money up to like 32047227390, and disabling it made it -2472039725, so what is going on?
*UPDATE*
Okay I figured this out and it works
address of the money 067A4ABC
Auto - Assembly
fullaccess(007F20CE, 6)
[enable]
007F20CE :
add eax, edi
[disable]
007F20CE :
sub eax, edi
I have it ticked at the bottom for enable and disable
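
Added example (not part of the original post): a Python sketch of why the two generated templates above differ by one `nop`, and why the final script can overwrite `sub eax, edi` directly without a jump. The byte encodings are standard 32-bit x86 encodings assumed here (the post shows only mnemonics), and `plan_hook` and `swap_in_place` are hypothetical helper names.

```python
# Listing constructed from the disassembly quoted in the post. The raw bytes
# are the standard 32-bit x86 encodings, an assumption of this example.
CODE = [
    (0x007F20CE, "sub eax, edi",               bytes.fromhex("29F8")),
    (0x007F20D0, "mov dword ptr [esi+4], eax", bytes.fromhex("894604")),
    (0x007F20D3, "mov eax, dword ptr [esi+C]", bytes.fromhex("8B460C")),
]
JMP_REL32_LEN = 5  # opcode E9 plus a 32-bit displacement


def plan_hook(code, hook_addr, patch_len=JMP_REL32_LEN):
    """Return (instructions to relocate, NOP padding, return address)."""
    start = next(i for i, (addr, _, _) in enumerate(code) if addr == hook_addr)
    covered, overwritten = 0, []
    for _, text, raw in code[start:]:
        if covered >= patch_len:
            break
        # The JMP destroys every instruction it touches, even partially,
        # so whole instructions must be copied into the allocated block.
        overwritten.append(text)
        covered += len(raw)
    if covered < patch_len:
        raise ValueError("listing too short to cover the patch")
    return overwritten, covered - patch_len, hook_addr + covered


def swap_in_place(code, addr, new_raw):
    """Same-length replacement: no JMP, no allocation, neighbours untouched."""
    old = next(raw for a, _, raw in code if a == addr)
    if len(new_raw) != len(old):
        raise ValueError("replacement must be exactly %d bytes" % len(old))
    return old, new_raw


if __name__ == "__main__":
    for hook in (0x007F20D0, 0x007F20CE):
        moved, nops, ret = plan_hook(CODE, hook)
        print(f"{hook:08X}: relocate {moved}, pad {nops} NOP, return {ret:08X}")
    old, new = swap_in_place(CODE, 0x007F20CE, bytes.fromhex("01F8"))  # add eax, edi
    print(f"007F20CE: {old.hex()} -> {new.hex()}")
```

An in-place swap like this changes only two bytes of the loaded code, which is the kind of difference a code-integrity check comparing memory against the on-disk image would flag.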